Analysis
- max time kernel: 132s
- max time network: 141s
- platform: windows10_x64
- resource: win10v20201028
- submitted: 06-11-2020 00:39
Static task: static1
Behavioral task: behavioral1
Sample: 62b269e510f4cc13916da987fed1a08b4e1d48487984b5b273b327c0f9cd225f.exe
Resource: win7v20201028 (windows7_x64)
0 signatures, 0 seconds
General
- Target: 62b269e510f4cc13916da987fed1a08b4e1d48487984b5b273b327c0f9cd225f.exe
- Size: 251KB
- MD5: 0fb415a9b04d06cf59a8738cee9f6c87
- SHA1: 73a86e9e484fa098ec5179c7a6b9707ae5a3aec7
- SHA256: 62b269e510f4cc13916da987fed1a08b4e1d48487984b5b273b327c0f9cd225f
- SHA512: 2a2e05e078924dd26a86c184075aca1cfe1ef80bf29d67ed70b58193f7fe226256a886140d39eb679bc9bc438263fc3e696264fc9ecd2e835af62c6fdb769262
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious use of AdjustPrivilegeToken (24 IoCs)
  Processes: 62b269e510f4cc13916da987fed1a08b4e1d48487984b5b273b327c0f9cd225f.exe
  description                           pid   process
  Token: SeIncreaseQuotaPrivilege       2268  62b269e510f4cc13916da987fed1a08b4e1d48487984b5b273b327c0f9cd225f.exe
  Token: SeSecurityPrivilege            2268  62b269e510f4cc13916da987fed1a08b4e1d48487984b5b273b327c0f9cd225f.exe
  Token: SeTakeOwnershipPrivilege       2268  62b269e510f4cc13916da987fed1a08b4e1d48487984b5b273b327c0f9cd225f.exe
  Token: SeLoadDriverPrivilege          2268  62b269e510f4cc13916da987fed1a08b4e1d48487984b5b273b327c0f9cd225f.exe
  Token: SeSystemProfilePrivilege       2268  62b269e510f4cc13916da987fed1a08b4e1d48487984b5b273b327c0f9cd225f.exe
  Token: SeSystemtimePrivilege          2268  62b269e510f4cc13916da987fed1a08b4e1d48487984b5b273b327c0f9cd225f.exe
  Token: SeProfSingleProcessPrivilege   2268  62b269e510f4cc13916da987fed1a08b4e1d48487984b5b273b327c0f9cd225f.exe
  Token: SeIncBasePriorityPrivilege     2268  62b269e510f4cc13916da987fed1a08b4e1d48487984b5b273b327c0f9cd225f.exe
  Token: SeCreatePagefilePrivilege      2268  62b269e510f4cc13916da987fed1a08b4e1d48487984b5b273b327c0f9cd225f.exe
  Token: SeBackupPrivilege              2268  62b269e510f4cc13916da987fed1a08b4e1d48487984b5b273b327c0f9cd225f.exe
  Token: SeRestorePrivilege             2268  62b269e510f4cc13916da987fed1a08b4e1d48487984b5b273b327c0f9cd225f.exe
  Token: SeShutdownPrivilege            2268  62b269e510f4cc13916da987fed1a08b4e1d48487984b5b273b327c0f9cd225f.exe
  Token: SeDebugPrivilege               2268  62b269e510f4cc13916da987fed1a08b4e1d48487984b5b273b327c0f9cd225f.exe
  Token: SeSystemEnvironmentPrivilege   2268  62b269e510f4cc13916da987fed1a08b4e1d48487984b5b273b327c0f9cd225f.exe
  Token: SeChangeNotifyPrivilege        2268  62b269e510f4cc13916da987fed1a08b4e1d48487984b5b273b327c0f9cd225f.exe
  Token: SeRemoteShutdownPrivilege      2268  62b269e510f4cc13916da987fed1a08b4e1d48487984b5b273b327c0f9cd225f.exe
  Token: SeUndockPrivilege              2268  62b269e510f4cc13916da987fed1a08b4e1d48487984b5b273b327c0f9cd225f.exe
  Token: SeManageVolumePrivilege        2268  62b269e510f4cc13916da987fed1a08b4e1d48487984b5b273b327c0f9cd225f.exe
  Token: SeImpersonatePrivilege         2268  62b269e510f4cc13916da987fed1a08b4e1d48487984b5b273b327c0f9cd225f.exe
  Token: SeCreateGlobalPrivilege        2268  62b269e510f4cc13916da987fed1a08b4e1d48487984b5b273b327c0f9cd225f.exe
  Token: 33                             2268  62b269e510f4cc13916da987fed1a08b4e1d48487984b5b273b327c0f9cd225f.exe
  Token: 34                             2268  62b269e510f4cc13916da987fed1a08b4e1d48487984b5b273b327c0f9cd225f.exe
  Token: 35                             2268  62b269e510f4cc13916da987fed1a08b4e1d48487984b5b273b327c0f9cd225f.exe
  Token: 36                             2268  62b269e510f4cc13916da987fed1a08b4e1d48487984b5b273b327c0f9cd225f.exe
- Suspicious use of SetWindowsHookEx (1 IoCs)
  Processes: 62b269e510f4cc13916da987fed1a08b4e1d48487984b5b273b327c0f9cd225f.exe
  pid   process
  2268  62b269e510f4cc13916da987fed1a08b4e1d48487984b5b273b327c0f9cd225f.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\62b269e510f4cc13916da987fed1a08b4e1d48487984b5b273b327c0f9cd225f.exe
  "C:\Users\Admin\AppData\Local\Temp\62b269e510f4cc13916da987fed1a08b4e1d48487984b5b273b327c0f9cd225f.exe"
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID: 2268